Interview Integrity Policy Template for HR Teams
Detection without policy is legally fragile. Before you monitor a single interview, you need a written policy that tells candidates what to expect, tells interviewers how to act on signals, and tells your legal team what data you hold and for how long. This template covers all three.
Adapt the bracketed sections to your organisation. Have your legal team review the consent language before it goes live — requirements vary between jurisdictions and between sectors. This template reflects best practices under GDPR and CCPA but is not legal advice.
Section 1 — Purpose and scope
[Organisation name] runs integrity monitoring on live remote interviews to ensure that evaluation results reflect each candidate's individual skills and knowledge. This policy applies to all technical and structured remote interviews conducted via [list your platforms]. It does not apply to take-home assignments or in-person interviews.
Section 2 — What is monitored
During a monitored interview, a lightweight software agent runs on your device and collects the following metadata: names of running processes (present or absent, not their content); window focus events (which window is active, not its content); clipboard event size and timing (volume and timing of paste operations, not the text pasted); and typing cadence (the rhythm of keystrokes, not the characters typed). No screen recording, audio recording, video recording, keystroke logging, or clipboard content is collected at any time.
Section 3 — What is not permitted
The following are not permitted during a monitored interview unless explicitly stated in the interview invitation: AI answer-generation tools (including but not limited to ChatGPT, Gemini, Claude, Copilot, or any similar product); remote-access software operated by a third party; virtual camera or voice-alteration software; and any application designed to conceal its presence from the monitoring system.
Permitted tools will be listed explicitly in the interview invitation. When in doubt, ask your recruiter before the session — not during it.
Section 4 — Candidate consent
Participation in a monitored interview is voluntary. Candidates who do not consent may withdraw from the process without prejudice at any time before the session begins. Consent is collected electronically via [consent platform / link in calendar invite] and must be confirmed before the monitoring agent is activated. Consent may be withdrawn up to the start of the session; withdrawal after the session has begun does not delete data already collected.
Section 5 — How signals are used
At session end, the monitoring system produces a signed integrity report containing a composite score (0–100) and a per-signal breakdown. This report is one input into the hiring decision, not the decision itself. No candidate will be disqualified solely on the basis of an automated integrity score. A trained human reviewer will assess any report with a score below [threshold] before any decision is communicated to the candidate.
Section 6 — Data retention and deletion
Integrity reports are retained for [12 months / duration of any applicable employment dispute window] and then permanently deleted. Candidates may request a copy of their own report under [GDPR Article 15 / CCPA right to know]. Requests should be directed to [privacy contact]. Reports are cryptographically signed and tamper-evident; the signature is validated as part of any data access request.
Making the policy work in practice
A policy that lives only in a PDF has limited effect. For it to work, every recruiter and every interviewer needs to know three things: what the policy says, how to send the disclosure to candidates, and what to do when the report flags a concern. Build these into your interviewer training — a 10-minute async video is enough for most teams.
Policy checklist before going live
- Legal review complete for each jurisdiction you hire in.
- Consent flow tested end-to-end — candidate receives disclosure, confirms, agent activates.
- Opt-out path works — declining consent does not trigger a calendar error or a recruiter panic.
- Report review process defined — who reviews flagged reports, in what timeframe, with what escalation path.
- Data retention schedule in the system — reports should auto-delete at policy expiry, not accumulate indefinitely.
- ATS integration live — reports attach to candidate records automatically.
InterviewWatch handles consent, monitoring, and reporting in one flow
Built-in consent collection, metadata-only monitoring, signed PDF reports, and ATS attachment — everything your policy describes, running automatically.